CVE-2006-4957

Опубликовано: 23 сент. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php.

Ссылки

http://secunia.com/advisories/21991
Vendor Advisory
http://www.securityfocus.com/bid/20105
Exploit
http://www.vupen.com/english/advisories/2006/3716
https://exchange.xforce.ibmcloud.com/vulnerabilities/29029
https://www.exploit-db.com/exploits/2397
http://secunia.com/advisories/21991
Vendor Advisory
http://www.securityfocus.com/bid/20105
Exploit
http://www.vupen.com/english/advisories/2006/3716
https://exchange.xforce.ibmcloud.com/vulnerabilities/29029
https://www.exploit-db.com/exploits/2397

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:the_myreview_system:myreview:1.9.4:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.0103

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-cx6w-mcjq-qmq3

github

почти 4 года назад